London, UK, 15:30 GMT 16th September 1999 - The recent hack of the
NASDAQ and AMEX web site (www.nasdaq-amex.com), in which the hacker group
'United Loan Gunmen' (ULG) infiltrated the internet computing end and defaced
the web site demonstrates graphically the vulnerability of very high profile
web sites. This attack succeeds recent attacks by ULG on other well known
web sites - C-Span, ABC and Matt Drudge - highlighting the concern that successful
web sites and on-line businesses are more vulnerable to Cyber Attack, as they
receive more unwanted attention from hackers. This is simply because the hacker
groups are aware of the influence of these well viewed sites. By attacking
them, the hackers are more likely to achieve their disparate aims of embezzlement,
extortion or notoriety.

mi2g software comment

"On-line financial institutions, bourses and
shopping sites ought to be aware that they need to put internet security at
the top of the board agenda. Whilst the security blue print is off-the-shelf
and not unique in architecture, high profile hacking attacks will become weekly
and then daily. The inevitable consequences when the hack becomes public knowledge
are likely to be a sharp drop in share price and Downstream Liability for
the victim", said D K Matai, Managing Director of mi2g
software.

Analysis

For this information please contact e-risk.analysis@mi2g.com

Long Term View

At present the 'source code' of most commercial software is not available
publicly. If a security hole is discovered by a well sized client company,
their own programers can't plug the hole directly, they have to wait for the
vendor to provide a patch, which may be made available in a few days, weeks
or months. For older operating systems and standard applications, where some
standard security concerns have been addressed, the 24-hour, 365-day, non
stop international threat arising from a networked culture was not adequately
considered in the beginning because it did not exist at that time. The loss-of-confidence
cost of correcting the architectural flaws is so high that it is likely that
newer open operating systems with bespoke fortress architecture will ultimately
supersede in security critical areas for large clients.

Background:

1.mi2g software presented seminars on e-risk at Richards Butler
on 4th August and Hammond Suddards on 8th September. A total of 220 CEOs,
FDs and Partners from USA, Germany, Japan and Britain have attended the events
which highlight the threat to e-commerce systems from Cyber Warfare. We presented
an update on all major Cyber Warfare incidents and trends within the escalating
threat to e-commerce businesses, financial institutions and multi-national
corporations. Future seminars on e-risk are planned for October and November
99.

2.Downstream Liability is the real possibility of litigation
arising from customers and businesses that have bought a product or a service
from a vendor in good faith and have surrendered personal and financial information
about themselves for a declared purpose only.

3. The total cost of servicing Cyber Warfare incidents worldwide
is likely to exceed $20 Billion in 1999 according to mi2g software.
In the last seven months, there have been three major virus attacks and several
full scale Cyber Attacks. Melissa in March, Chernobyl in April and the fatal
ExploreZip in June cost corporations huge unplanned and unbudgeted resources.
The cost of disabled computers and their down time through each major worldwide
Cyber Warfare incident is already exceeding $2.5 Billion.

4.mi2g software (www.mi2g.com) is a leading edge London based
e-commerce enterprise specialising in e-commerce risk management and bespoke
security architecture.